CVE-2024-6485
ADVISORY - githubSummary
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.
EPSS Score: 0.00135 (0.337)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADVISORY - github
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADVISORY - gitlab
ADVISORY - redhat
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
NIST
CREATED
UPDATED
ADVISORY IDCVE-2024-6485
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.4mediumGitHub
CREATED
UPDATED
ADVISORY IDGHSA-vxmc-5x29-h64v
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.4mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2024-6485
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2024-6485
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2024-6485
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.4mediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-m9rr-95xw-jh5f
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-